package com.miku.blog.interceptor;

import com.miku.blog.domain.dto.ResourceUserDTO;
import com.miku.blog.domain.pojo.LoginUser;
import com.miku.blog.domain.pojo.SystemConstance;
import com.miku.blog.eume.HttpStatusEnum;
import com.miku.blog.utils.PathUtils;
import com.miku.blog.utils.SecurityUtils;
import com.miku.blog.utils.WebUtils;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/**
 *
 * 验证用户 是否拥有该请求路径资源权限
 * 如果拥有则放行,如果没有则返回权限不足
 *
 * 用户所拥有的资源 根据其角色而定
 *
 * 只验证 不支持匿名访问的资源
 * 支持匿名访问的路径直接放行
 *
 * @author shkstart
 * @create ${}YEAR-06-19 8:36
 */

public class UserResourceInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        Integer isAnonymous = (Integer) request.getAttribute(SystemConstance.REQUEST_ATTRIBUTE_RESOURCE_ANONYMOUS);
        if (SystemConstance.IS_ANONYMOUS.equals(isAnonymous)) {
            return true;
        }

        String requestURI = request.getRequestURI();

        LoginUser loginUser = SecurityUtils.getLoginUser();
        Map<String, List<ResourceUserDTO>> userResourceMap = loginUser.getResourceMap();

        String pathPrefix = PathUtils.getPathPrefix(requestURI);
        List<ResourceUserDTO> resourceUserDTOS = userResourceMap.get(pathPrefix);
        if (Objects.isNull(resourceUserDTOS) || resourceUserDTOS.size() <= 0) {
            WebUtils.sendResponseResult(response, HttpStatusEnum.FORBIDDEN);
            return false;
        }
        if (pathPrefix.equals(requestURI)) {
            for (ResourceUserDTO dto : resourceUserDTOS) {
                if (dto.getUrl().equals(requestURI) && dto.getRequestMethod().equals(request.getMethod())) {
                    return true;
                }
            }
        } else {
            boolean sameURI = true;
            one:for (ResourceUserDTO dto : resourceUserDTOS) {
                String url = dto.getUrl();
                String method = dto.getRequestMethod();
                if (url.equals(requestURI)) {
                    sameURI = false;
                    if (method.equalsIgnoreCase(request.getMethod())){
                        return true;
                    }
                }else if (sameURI){
                    String[] requestSplit = requestURI.split("/");
                    String[] splits = url.split("/");
                    if (requestSplit.length == splits.length){

                        for (int i = 0;i < requestSplit.length;i++){
                            String var1 = requestSplit[i];
                            String var12 = splits[i];
                            if (!var1.equals(var12) && !var12.equals(SystemConstance.RESTFUL)){
                                continue one;
                            }
                        }
                        if (request.getMethod().equalsIgnoreCase(method)){
                            return true;
                        }
                    }
                }
            }
        }

        WebUtils.sendResponseResult(response, HttpStatusEnum.FORBIDDEN);
        return false;
    }
}
